In-depth analysis of 54.231.253.71 – Malware Research

If you are trying to get rid of the 54.231.253.71 related malware, then you are in the right place. In this post, we are going to take a look at how you can easily delete the 54.231.253.71 related adware/malware from your computer or device.

But before we start removing the 54.231.253.71 related malware from your device, we need to understand what type of malware we are dealing with, and how the device got infected by the malware which is served via the 54.231.253.71 environment.

Reasons why 54.231.253.71 is listed:

History of being on a blacklist

History of being used in an aggressive marketing campaign

History of malicious traffic or use

Triggered as a spam-bot or aggressive crawler

We were lazy and we did not see that it is a false-positive (Sorry!)

Please do note that it is possible that 54.231.253.71 has been cleaned from malicious code and that it is serving genuine/clean traffic. So be very careful when you decide to block 54.231.253.71.

IP owner contact information

The last time we checked 54.231.253.71 for contact information, we found the following information. This information is being published as is. It is possible that the information is outdated.

Domain information

IP Address: 54.231.253.71

Country: USA – Washington

Network Name: AMAZO-ZL4

From IP: 54.230.0.0

To IP: 54.231.255.255

Classless Inter-Domain Routing (CIDR): 54.230.0.0/15

CIDR notation is a syntax for specifying IP addresses and their associated routing prefix. It appends a slash character to the address and the decimal number of leading bits of the routing prefix, e.g., 192.168.2.0/24 for IPv4, and 2001:db8::/32 for IPv6. Source: Wikipedia – https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

Fake Video player

The 54.231.253.71 website claims that the victim needs to download, install and use a “video player”. This video player is a fake video player which has been loaded with malicious code. Once the victim downloads and runs the 54.231.253.71 malware, the malware is activated and tries to communicate with the cybercriminal who is operating it. It is also known that the “Fake Video Player” will install pop-up configurations on the device, which in turn will load annoying pop-up advertisements.

Fake video player example.

Fake Update

Another method used by the cybercriminals is the “Update” method. The cybercriminals will claim that the victim's browser or video player is outdated and that it needs to be updated. The cybercriminals will provide a “fake update” to the victim. The “update” contains malicious code, which will perform the same tasks that we have described in the “Fake video player” piece.

Clickjacking

Clickjacking is a manipulation technique used in hosting environments where a user is tricked into performing unwanted actions. These actions could be providing personal information or installing (malicious/unwanted) applications on the device.

Clickjacking example. Watch out, the domain might still be active.

Below you can view a list of (active) known Facebook Clickjacking domains:

How do devices get infected by 54.231.253.71 malware

Devices which perform malicious activities after visiting the 54.231.253.71 website have been infected by malware. The malware is often installed by unaware users who try to watch or visit a specific video or page. The 54.231.253.71 page will claim that the user needs to perform various steps like the “Fake Video Player” or “Fake Update” installation, and sadly some victims actually perform these steps.

What does 54.231.253.71 malware do?!

We have read various articles which provide information on the 54.231.253.71 malware, and it seems that 54.231.253.71 has been mainly set up to collect personal information from the victims, and it is also serving as a clickjacking and survey environment.

Is your device infected?

It is possible that your computer has been infected and has alerted you to the IP address. If that is the case, we have set up various guides on Cyberwarzone on how to protect your computer against malicious users and unwanted actions:

Generic Malware

If you see that a device has been hit by something which is called a “Generic Malware”, then the device has simply been hit by malicious code which has been detected by antivirus companies, but they were not able to identify the family to which it belongs, so they simply put the name “Generic Malware” instead.

Crossrider malware

The Crossrider malware is responsible for sending advertisements to infected devices. A lot of the devices get infected by installing malicious toolbars which have hidden functions. The Crossrider malware can be easily removed by following the procedures which have been described below.

How to remove the 54.231.253.71 malware

If you want to remove the 54.231.253.71 malware from your device, I strongly urge you to download an antivirus application from Microsoft, AVG or any other party which you prefer. We strongly recommend you to use a paid version, but we are aware of the fact that a lot of people do not want to pay for this type of service.

Install the antivirus application on your computer, make sure that you update it to the latest version, and then run the antivirus application on your device.

The antivirus application will look for malicious content and it will also be able to identify the 54.231.253.71 malware on your device. Once it has identified the malware, it will try to clean it up.

Further investigation on 54.231.253.71

If the IP has hit your environment and you need to do more research on the IP, please take a look at the resources below. The resources will provide you with a wide range of tools and techniques which will allow you to gain more information about 54.231.253.71.

VirusTotal

You can take a look at the VirusTotal website, and check if the IP has been used in a malware campaign:

https://www.virustotal.com/en/ip-address/54.231.253.71/information/

Domain health check

On the MXTOOLBOX website you are able to check if the IP or domain is healthy. You can check this directly by using the link below:

http://mxtoolbox.com/domain/54.231.253.71/

Dynamic domains

It is possible that the domain which we have found is being used by cybercriminals as a dynamic gateway. This means that the IP which is behind 54.231.253.71 could be different at this very moment.

Source: CISCO blog.

It is very wise to investigate further if you have been hit by the following domains:

adultdns.net

servehttp.com

myvnc.com

redirectme.net

hopto.org

zapto.org

no-ip.info

no-ip.biz

no-ip.org

sytes.net

Source: CISCO blog.

Want this page removed?

We provide this information to help people forward. We do not provide this information to cause harm. So if you want to see the 54.231.253.71 report taken offline, simply send us a message via the contact form.

We will take down the page as soon as possible. We are publishing thousands of malicious IPs daily and it is possible that we make some errors. We will not stay awake for the deletion of some pages on Cyberwarzone.

So please feel free to contact us for more information or questions. Use the contact page to get in touch with us.

Please do remember to include the URL or the IP (54.231.253.71) you want removed.

Feedback and additional information

If you are in the position to supply additional information or feedback on this post, then please provide the information you have. We are trying to build a community which will share reliable information, and we can use your help.
